ConfigSecurityPolicy[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

ConfigSecurityPolicy.exe
Size

222KB
MD5

5e4da52dd7e35f3452767b6a36fa8c3a
SHA1

fb0a08da5f8b15c8f80f28d9f45a6cc8b00b0fc2
SHA256

9b21ab6dec222b35032d6229aa29f3174f95f276128bbb4d0d6b967ded0ed9a2
SHA512

c3397aa3463a03630cd8534573332105df43d6a36df8b40b9c7a3f2aba8de31731ef4d362048ccc5d3cadc44b3a3980dff51789b5b094203a0cd37e44e83b03d
SSDEEP

6144:+6GQaPzzXcP85BiPsZsGxJwtBRk7Rz0++tkbM0H9:taPzzcPn0ZoRmRzqtsHd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ConfigSecurityPolicy.exe

Files

ConfigSecurityPolicy.exe
.exe windows:10 windows x86

4a29f2c79ea575a80df40ae104924b8c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
EnableTrace
ControlTraceW
CopySid
GetLengthSid
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken
GetTokenInformation
GetSidSubAuthorityCount
DuplicateTokenEx
GetSidSubAuthority
AllocateAndInitializeSid
CheckTokenMembership
OpenSCManagerW
OpenServiceW
ChangeServiceConfigW
ControlService
QueryServiceStatus
LookupPrivilegeValueW
RegCloseKey
FreeSid
CloseServiceHandle
CreateProcessAsUserW
LookupPrivilegeNameW
InitiateSystemShutdownExW
AdjustTokenPrivileges
PrivilegeCheck

kernel32

InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SearchPathW
UnmapViewOfFile
WideCharToMultiByte
EncodePointer
DecodePointer
VirtualLock
SetErrorMode
FreeLibrary
FindClose
GetLastError
SetLastError
FindResourceW
GetModuleHandleW
GetProcAddress
GlobalFindAtomW
GetDriveTypeW
GetVersionExW
GetLocalTime
SystemTimeToFileTime
GetNativeSystemInfo
ProcessIdToSessionId
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetExitCodeThread
CreateEventW
ResetEvent
SetEvent
CreateThread
MoveFileW
GetLongPathNameW
GetFileSizeEx
GetFileSize
WriteFile
ReadFile
CreateFileW
VerifyVersionInfoW
K32GetModuleFileNameExW
HeapFree
GetProcessHeap
HeapAlloc
DeleteFileW
RemoveDirectoryW
FindNextFileW
FindFirstFileW
FreeResource
LockResource
LoadResource
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
GetDiskFreeSpaceExW
GetSystemDirectoryW
GetWindowsDirectoryW
GetExitCodeProcess
LocalFree
IsWow64Process
CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexW
CreateProcessW
GetLocaleInfoW
LoadLibraryExW
CopyFileW
GetModuleFileNameW
GetTempFileNameW
GetTempPathW
CreateDirectoryW
SwitchToThread
GetSystemDefaultLangID
SizeofResource
FindResourceExW
FormatMessageW
GetSystemTime
MultiByteToWideChar
FileTimeToSystemTime
EnterCriticalSection
LeaveCriticalSection
ExpandEnvironmentStringsW
GetFileAttributesW
HeapSetInformation
CreateFileMappingW
MapViewOfFile

msvcrt

memset
wcsstr
fflush
fgetws
fclose
wcsncmp
_wcsnicmp
memcpy_s
memmove_s
_wcsicmp
__iob_func
realloc
feof
_wchmod
memmove
fwprintf
_purecall
_wfopen
_errno
_vsnwprintf
_vsnprintf
iswspace
_except_handler4_common
_controlfp
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
memcpy
__CxxFrameHandler3
_CxxThrowException
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@XZ
malloc
free
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@ABQBDH@Z
bsearch
wcschr
swscanf_s
fprintf
towlower
wcsrchr
iswalpha
wcscpy_s
vswprintf_s
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
_vscwprintf
wcstoul
__RTDynamicCast

ole32

StringFromGUID2
CoCreateGuid
CoSetProxyBlanket
CoCreateInstance
CoInitializeEx
CoUninitialize

api-ms-win-core-synch-l1-2-0

Sleep
InitializeCriticalSection

api-ms-win-core-errorhandling-l1-1-1

RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleA

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-2

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

oleaut32

SysAllocStringLen
VarCmp
VariantChangeType
GetErrorInfo
VarBstrCat
SysStringLen
VariantClear
VariantInit
SysFreeString
SysAllocString
SysStringByteLen
SysAllocStringByteLen

user32

GetWindowThreadProcessId
SendMessageW
FindWindowW
SetTimer
GetSystemMetrics
SetWindowTextW
PostMessageW
ShowWindow
LoadStringW
LoadImageW
DestroyIcon
SetForegroundWindow
KillTimer
IsDialogMessageW
PostThreadMessageW
DestroyWindow
CreateDialogParamW
UnregisterClassA
AdjustWindowRectEx
MessageBoxW
LoadIconW

wtsapi32

WTSQuerySessionInformationW
WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsW

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-version-l1-1-1

GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-core-heap-l1-2-0

HeapSize
HeapReAlloc
HeapDestroy

api-ms-win-core-debug-l1-1-1

OutputDebugStringA

shell32

SHGetSpecialFolderLocation
SHGetFolderPathW
SHGetPathFromIDListW

shlwapi

PathFindFileNameW
PathIsRelativeW
PathRemoveFileSpecW
PathFileExistsW
PathAppendW
PathCombineW
PathMatchSpecW
SHDeleteKeyW
PathIsDirectoryW

ntdll

RtlNtStatusToDosError
RtlGetVersion

crypt32

CertVerifyCertificateChainPolicy

wintrust

CryptCATAdminCalcHashFromFileHandle
CryptCATAdminAcquireContext
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust
CryptCATCatalogInfoFromContext
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
CryptCATAdminEnumCatalogFromHash

Sections

.text
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a29f2c79ea575a80df40ae104924b8c

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

ole32

api-ms-win-core-synch-l1-2-0

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-sysinfo-l1-2-1

userenv

oleaut32

user32

wtsapi32

api-ms-win-core-version-l1-1-0

api-ms-win-core-version-l1-1-1

api-ms-win-core-heap-l1-2-0

api-ms-win-core-debug-l1-1-1

shell32

shlwapi

ntdll

crypt32

wintrust

Sections

.text Size: 176KB - Virtual size: 176KB

.data Size: 12KB - Virtual size: 13KB

.idata Size: 8KB - Virtual size: 8KB

.rsrc Size: 9KB - Virtual size: 8KB

.reloc Size: 15KB - Virtual size: 15KB

.text
Size: 176KB - Virtual size: 176KB

.data
Size: 12KB - Virtual size: 13KB

.idata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 15KB - Virtual size: 15KB